Threat

AISURU and Kimwolf Botnet Launch Record-Breaking 31.4 Tbps DDoS Attack

Cybersecurity researchers have attributed a record-breaking distributed denial-of-service attack to the AISURU and Kimwolf botnet, which generated traffic peaks of 31.4 terabits per second and lasted approximately 35 seconds, making it one of the largest DDoS attacks ever recorded. Cloudflare confirmed that the attack occurred in November 2025 and was automatically detected and mitigated by its systems. The company said the incident […]

AISURU and Kimwolf Botnet Launch Record-Breaking 31.4 Tbps DDoS Attack Read More »

Infy Hackers Restart Operations Using New C2 Servers After Iran’s Internet Blackout Ends

The Iranian state-linked threat group known as Infy, also tracked as Prince of Persia, has resumed cyber operations after a temporary pause that coincided with Iran’s nationwide internet shutdown in early January 2026. Researchers say the group reappeared with new command-and-control (C2) servers, reinforcing assessments that Infy operates with state backing. According to a report released by SafeBreach, the

Infy Hackers Restart Operations Using New C2 Servers After Iran’s Internet Blackout Ends Read More »

Critical n8n Vulnerability CVE-2026-25049 Allows System Command Execution Through Malicious Workflows

A severe security vulnerability has been disclosed in the n8n workflow automation platform that could allow attackers to execute arbitrary system commands on affected servers. The flaw, tracked as CVE-2026-25049 (CVSS score: 9.4), bypasses prior safeguards introduced to fix CVE-2025-68613, which was patched in December 2025. According to n8n maintainers, an authenticated user with workflow creation or modification privileges can

Critical n8n Vulnerability CVE-2026-25049 Allows System Command Execution Through Malicious Workflows Read More »

Malicious NGINX Configurations Power a Large-Scale Web Traffic Hijacking Campaign

Cybersecurity researchers have identified an active campaign in which attackers exploit NGINX installations and management platforms such as Baota (BT) Panel to hijack web traffic on a large scale. The operation manipulates web requests, routing them through infrastructure controlled by threat actors. Datadog Security Labs reported that the campaign leverages React2Shell (CVE-2025-55182, CVSS score: 10.0) exploits alongside malicious NGINX configurations to

Malicious NGINX Configurations Power a Large-Scale Web Traffic Hijacking Campaign Read More »

DEAD#VAX Malware Campaign Spreads AsyncRAT Using IPFS-Hosted VHD Phishing Files

Threat hunters have revealed details of a sophisticated malware operation named DEAD#VAX, a stealth focused campaign that combines disciplined operational techniques with the abuse of legitimate Windows features to evade detection and deploy the AsyncRAT remote access trojan. According to researchers from Securonix, the campaign relies on IPFS hosted virtual hard disk files, advanced script obfuscation,

DEAD#VAX Malware Campaign Spreads AsyncRAT Using IPFS-Hosted VHD Phishing Files Read More »

China-Linked Amaranth Dragon Exploits WinRAR Vulnerability in Espionage Campaigns

Threat actors with links to China have been connected to a new wave of cyber espionage operations aimed at government and law enforcement institutions across Southeast Asia during 2025. Check Point Research has attributed the activity to a previously undocumented threat cluster named Amaranth-Dragon, which researchers say shows notable overlaps with the APT41 ecosystem. Countries

China-Linked Amaranth Dragon Exploits WinRAR Vulnerability in Espionage Campaigns Read More »

Microsoft Warns of Python Infostealers Targeting macOS Through Fake Ads and Installers

Microsoft has issued a warning that information stealing malware campaigns are rapidly expanding beyond Windows systems and increasingly targeting Apple macOS environments. According to the company, attackers are using cross platform programming languages such as Python and abusing trusted advertising and software distribution platforms to scale these attacks. Researchers from the Microsoft Defender Security Research

Microsoft Warns of Python Infostealers Targeting macOS Through Fake Ads and Installers Read More »

CISA Adds Actively Exploited SolarWinds Web Help Desk RCE Vulnerability to KEV Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has officially added a critical vulnerability affecting SolarWinds Web Help Desk (WHD) to its Known Exploited Vulnerabilities (KEV) catalog, confirming that the flaw is being actively exploited in real world attacks. The vulnerability, identified as CVE-2025-40551 with a CVSS score of 9.8, involves the deserialization of untrusted data. Successful exploitation

CISA Adds Actively Exploited SolarWinds Web Help Desk RCE Vulnerability to KEV Catalog Read More »

Docker Patches Critical Ask Gordon AI Vulnerability Allowing Code Execution via Image Metadata

Cybersecurity researchers have revealed a serious vulnerability affecting Ask Gordon, the AI assistant integrated into Docker Desktop and Docker CLI, that could allow attackers to execute code and steal sensitive information. The flaw, dubbed DockerDash by Noma Labs, was fixed in Docker version 4.50.0 released in November 2025. How DockerDash Works According to Sasi Levi, lead security researcher

Docker Patches Critical Ask Gordon AI Vulnerability Allowing Code Execution via Image Metadata Read More »

APT28 Leverages Microsoft Office CVE-2026-21509 in Espionage Oriented Malware Attacks

A Russia-linked state-sponsored hacking group known as APT28, also tracked as UAC-0001, has been linked to a new cyber espionage campaign that abuses a recently disclosed Microsoft Office vulnerability. The operation, internally referred to as Operation Neusploit, leverages CVE-2026-21509 to deliver sophisticated malware payloads against targeted regions. Exploitation Observed Shortly After Disclosure According to Zscaler ThreatLabz,

APT28 Leverages Microsoft Office CVE-2026-21509 in Espionage Oriented Malware Attacks Read More »